audit quality assurance workshop audit planning - icpak · audit quality assurance workshop audit...

Audit Quality Assurance workshopAudit Planning

by:CPA Steve Obock

Associate Director- KPMG KenyaMarch 2017

Uphold public interest

Agenda

Introduction

Developing an audit strategy

Setting audit materiality

Understanding the entity and internal

controls

Q&A

Introduction

Before you build a better mousetrap, it helps to know if there are any mice out there.

When you're dying of thirst it's too late to think about digging a well.

Introduction: Audit life cycle

Engagement Setup

•ISA 210, Agreeing the Terms of Audit Engagements

•ISA 220, Quality Control for an Audit of Financial Statements

•ISA 300, Planning an Audit of Financial Statements

Risk Assessment

•ISA 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements

•ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements

•ISA 300, Planning an Audit of Financial Statements

•ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

•ISA 320, Materiality in Planning and Performing an Audit

•ISA 330, The Auditor's Responses to Assessed Risks

•ISA 600, Special considerations – audits of group financial statements

•ISA 610, Using the Work of Internal Auditors

•ISA 620, Using the Work of an Auditor's Expert

Phase 1- Planning

Introduction: Audit life cycle

Testing

•ISA 500, Audit Evidence

•ISA 501, Audit Evidence-Specific Considerations for Selected Items

•ISA 505, External Confirmations

•ISA 520, Analytical Procedures

•ISA 530, Audit Sampling

•ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures

Completion

•ISA 260, Communication with Those Charged with Governance

•ISA 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

•ISA 450, Evaluation of Misstatements Identified during the Audit

•ISA 560, Subsequent Events

•ISA 570, Going Concern

•ISA 580, Written Representations

•ISA 700, Forming an Opinion and Reporting on Financial Statements

Phase 2- Do/Execution Phase 3- Conclusion

Audit Planning Process

Accept client and perform initial planning.

Understand the client’s business and industry.

Assess client’s business risk.

Perform preliminary analytical procedures.

Set materiality and assess acceptable audit riskand inherent risk.

Understand internal control and assess control risk.

Develop overall audit plan and audit program.

Developing audit strategy/approach

Mindset

• Test controls, Substantive testing or both?

Are the controls over relevant assertions designed and implemented effectively?

yesno

If relevant to our risk assessment, test the operating effectiveness of the control.

Assess control risk and risk of material misstatement for each relevant assertion in accordance with the KAM topic titled, “Risk identification, assessment and response” and

determine the nature, timing and extent of substantive procedures.

Perform substantive procedures

Mindset

What Do We Consider?

Is it more efficient to test controls than to perform substantive procedures alone?

Can substantive procedures alone provide sufficient appropriate audit

evidence?

RoMM at the assertion level

Existing control framework

Prior period evidence

Significant risk of fraud or error

Results of procedures in prior periods

Specialist resources

Audit team experience

IT environment

Mindset

To Test Controls… Or Not to Test Controls

• We test the operating effectiveness of controls:

– When it is more efficient than performing substantive procedures alone; and

– When substantive procedures alone are insufficient to provide sufficient appropriate audit evidence.

Is it more efficient to test controls than to perform substantive procedures alone?

Can substantive procedures alone provide sufficient appropriate audit

evidence?

Mindset

To Test Controls… Or Not to Test Controls

• Can you think of an example from one of your clients where it was more efficient to test controls?

• Can you think of an example where it was more efficient NOT to test controls?

Is it more efficient to test controls than to perform substantive procedures alone?

Mindset

Are Substantive Procedures Insufficient?

• In what circumstances would substantive procedures alone be insufficient to provide sufficient appropriate audit evidence?

Can substantive procedures alone provide sufficient appropriate audit

evidence?

Mindset

Significant Risk of Fraud or Error

• How may a significant risk of fraud or error impact our audit approach?

• What examples do you have of when you have seen this on your engagements?

Significant risk of fraud or error

Mindset

Existing Control Framework

Existing control framework

How does our understanding of the controls currently in place impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

RoMM at the Assertion Level

RoMM at the assertion level

How does our assessment of RoMM at the assertion level impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

RoMM at the Assertion Level

• How do we take credit for testing the operating effectiveness of controls?

Impact on RoMM Effective controls mean we can measure control risk as “Lower”

Mindset

Reducing RoMM at the Assertion Level

• What is our RoMM before we consider controls and what substantive procedures would we need to perform?

• Reducing our assessment of RoMM may therefore change:

Nature

• For example, substantive analytical procedure instead of test of details

Timing

• For example, perform substantive procedures at interim date

Extent

• For example, reduce the sample size when performing test of details

Mindset

Results of Procedures in Prior Periods

Results of procedures in prior periods

How may the results of procedures in the prior period impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

Prior Period Evidence

Prior period evidence

How may the existence of prior period evidence impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

Audit Team Experience

Audit team experience

How might the experience of the audit team impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

IT Environment

IT environment

How may the existing IT environment impact our audit approach?

What examples do you have of

when you have seen this on your

engagements?

Mindset

Specialist Resources

Specialist resources

How might you adjust your audit approach given the availability of specialists within the firm?

What examples do you have of

when you have seen this on your

engagements?

Mindset

Materiality

• Concept of materiality comes from the financial reporting framework

• Misstatements and omissions are material if they can influence economic decisions of users taken on the basis of financial statements

• The auditor’s determination of materiality is a matter of professional judgment

Mindset

Materiality

• Materiality is set for the financial statements as a whole.

• Performance materiality means the amount set by the auditor at less than materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.

Mindset

Materiality

• The auditor also sets the audit misstatement posting threshold above which misstatements need to be accumulated.

• Materiality is assessed from the perspective of the users of financial statements.

• A percentage is applied to a chosen benchmark (for example, assets, liabilities, equity, revenue, expenses)

Mindset

Materiality

• A percentage is applied to a chosen benchmark based on professional judgment.

– 5% of profit before tax

– 1% of revenue

Mindset

Determining Materiality

• Use professional judgment and based on reasonable person

• Considers both

– Quantitative and qualitative factors

• Materiality used in

– Planning the audit

• At the overall financial statement level

• Allocate to individual accounts

– Evaluating audit findings

Mindset

Materiality Recap

• Based on professional judgment.

• Not just a simple mathematical calculation.

• Consider both nature and size.

• Engagement Partner involvement.

Mindset

Obtain an Understanding of the Client and its Environment

• Perform risk assessment procedures, including– Inquiries of management and others within the entity

– Analytical procedures

– Observation and inspection relating to client activities, operations, documents, reports and premises.

– Other procedures, such as inquiries of others outside the company (e.g., legal counsel, valuation experts) and reviewing information from external sources such as analysts, banks, rating organizations, journals.

Mindset

Understanding the Client’s Business—Nature of the Client

• Competitive position

• Organizational structure

• Accounting policies and procedures

• Ownership

• Capital structure

• Product and service lines

• Critical business processes

• Internal control

Mindset

Understanding the Client’s Business,Industry, Regulatory, and Other Factors

• Competitive environment

• Supplier and customer relationships

• Technology developments

• Major laws and regulations

• Economic conditions

• Attractiveness of the industry– Barriers to entry

– Strength of competitors

– Bargaining power of suppliers of raw materials and labor

– Bargaining power of customers

Mindset

Understanding the Client’s Business—Objectives, Strategies & Business Risks

• Objectives—Overall plans

• Operating and financial strategies—Operational actions to achieve objectives

• Business risks—Threats to achieving objectives

Mindset

Understanding the Client’s Business –Internal Control

• Need knowledge and understanding of how a client’s internal control works:

– What controls exists

– Who performs them

– How various types of transactions are processed and recorded

– What accounting records and supporting documentation exist

Mindset

Determining the Planned Audit Approach

Evidence from

tests of controls

Evidence from substantive

procedures

Audit Evidence

Audit E

vid

ence

Inherent

risk of

error

Controls

(control risk)

(RoMM)

Interactive Session

Conclusion

To be prepared is half the victory

Contacts

Thank youStephen ObockAssociate DirectorKPMG Kenya

C: 0709 576 129 / 0712 601 624E: sobock@kpmg.co.ke